Table: splunk_app - Query Splunk Apps using SQL

Splunk Apps are applications that are designed to enhance and extend the functionality of the Splunk platform. These apps provide features like dashboards, reports, alerts, data inputs, and workflows, tailored for specific use-cases or data sources. They are a crucial part of the Splunk ecosystem, enabling users to customize and optimize their data analysis and visualization.

Table Usage Guide

The splunk_app table provides insights into the applications available in the Splunk environment. As a data analyst or a security professional, you can explore app-specific details through this table, including the app version, description, and visibility. Utilize it to uncover information about the apps, such as their configuration, status, and the data sources they are designed to handle.

Examples

Basic info

Explore the basic details of your Splunk applications such as their names, versions, and authors. This can help in tracking the app updates and understanding the source of each application.

select
  name,
  version,
  author
from
  splunk_app;

select
  name,
  version,
  author
from
  splunk_app;

List apps that are not visible

Determine the apps that are hidden or not readily visible to users, useful for understanding which applications may not be fully accessible or utilized within your system.

select
  name,
  version,
  author,
  visible
from
  splunk_app
where
  not visible;

select
  name,
  version,
  author,
  visible
from
  splunk_app
where
  visible = 0;

List disabled apps

Determine the areas in which apps are disabled to understand their impact on the system's functionality. This can be useful in identifying potential issues or areas for improvement in the system's performance.

select
  name,
  version,
  author,
  disabled
from
  splunk_app
where
  disabled;

select
  name,
  version,
  author,
  disabled
from
  splunk_app
where
  disabled = 1;

List apps with auto-update check enabled

Discover the segments that have enabled the auto-update feature in their apps. This can assist in maintaining up-to-date applications and ensuring the latest features and security measures are in place.

select
  name,
  version,
  author,
  check_for_updates
from
  splunk_app
where
  check_for_updates;

select
  name,
  version,
  author,
  check_for_updates
from
  splunk_app
where
  check_for_updates = 1;

Schema for splunk_app

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form, e.g. connection_name.
acl	jsonb		Access Control List for the app.
author	text		Author of this object in the system.
check_for_updates	boolean		If true, then check Splunkbase for app updates.
configured	boolean		If true, then Custom app setup is complete.
core	boolean
description	text		App description.
details	text		URL to use for detailed information about the app.
disabled	boolean		If true, the app is disabled.
id	text		ID of the app.
label	text		App name.
links	jsonb		Links for the app resource.
managed_by_deployment_client	boolean
name	text	=	Name of the app.
show_in_nav	boolean
state_change_requires_restart	boolean
updated	timestamp with time zone		Time when the app was last updated.
version	text		App version.
visible	boolean		If true, app is visible and navigable from Splunk Web.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- splunk

You can pass the configuration to the command with the --config argument:

steampipe_export_splunk --config '<your_config>' splunk_app